Web Application Threat Model

[mahmud]

Threat modeling is a pain in the ass, doubly so if you're using an automated tool.

Simple, platform and software-specific checklists might be better. Here is a generic one as well.

http://www.sans.org/reading_room/whitepapers/securecode/a_se...

[showerst]

Please post a [PDF] warning on pdf links.

[jacquesm]

You should post that one separately.

[_zhqs]

I want to vomit when I read the word "stakeholders".